Access AWS CodeCommit from Jenkins running on EC2 (Ubuntu)

泄露秘密 提交于 2019-12-08 06:19:12

问题


I'm trying to integrate Jenkins with AWS CodeCommit. Jenkins is running on an AWS EC2 Instance with Ubuntu 14.04.

I followed this Blogpost: http://blogs.aws.amazon.com/application-management/post/Tx1C8B98XN0AF2E/Integrating-AWS-CodeCommit-with-Jenkins

The problem is, that sudo -u jenkins aws configure isn't executed because the jenkins user has no permissions.

What would you do?

The following commands aren't working as well:

sudo -u jenkins git config --global credential.helper '!aws codecommit credential-helper $@'
sudo -u jenkins git config --global credential.useHttpPath true
sudo -u jenkins git config --global user.email "me@mycompany.com"
sudo -u jenkins git config --global user.name "MyJenkinsServer"

What rights does the jenkins user need?

Thanks in advance.


回答1:


I was able to achieve this integration using SSH. To some extent, I followed these instructions: Setting up for CodeCommit

Assuming Jenkins Home is /var/lib/jenkins/

  1. Create an ssh key on the Jenkins EC2 instance (/var/lib/jenkins/.ssh/id_rsa)

    ssh-keygen -b 2048 -t rsa -f /var/lib/jenkins/.ssh/id-rsa -a -N
    
  2. Upload the public key to an IAM user (IAM user must have CodeCommit access)

    aws iam upload-ssh-public-key --user-name <username> --ssh-public-key-body file:///var/lib/jenkins/.ssh/id_rsa.pub
    
  3. Collect the SSHPublicKeyID when you upload the key

    {
     "SSHPublicKey": {
     "UserName": "jenkins",
     "Status": "Active",
     "SSHPublicKeyBody": "ssh-rsa <rsa-key> <host>\n",
     "UploadDate": "2015-09-02T19:18:24.309Z",
     "Fingerprint": "xxx",
     "SSHPublicKeyId": "APK***"
     }
    }
    
  4. Create/modify SSH config file

    Host git-codecommit.*.amazonaws.com
      User APK*******
      IdentityFile /var/lib/jenkins/.ssh/id_rsa
      StrictHostKeyChecking no
    
  5. Where the APK*** is the value of the Key ID retrieved in step 3

  6. Copy or move this file to /var/lib/jenkins/.ssh/config (or wherever Jenkins is installed on your EC2 instance)
  7. Ensure 'jenkins' user has 0600 permissions to /var/lib/jenkins/.ssh directory
  8. Create a Jenkins job as described in the blog post you first used. For the repository URL, however, enter the SSH url instead. (no credentials needed)



回答2:


After doing all of above steps. If it is still not works. clone any branch within /var/lib/jenkins/.ssh. It will add known host entry.

sudo -u jenkins git clone ssh://git-codecommit.<your-region>.amazonaws.com/v1/repos/<your test branch>`


来源:https://stackoverflow.com/questions/31566005/access-aws-codecommit-from-jenkins-running-on-ec2-ubuntu

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!